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REMARKS 

Claims 1-32 are pending in the instant application. In the outstanding Office Action, the 
Examiner has rejected claims 1, 3-7, 10-16, 18-20, 23-25, and 28-32 under 35 U.S.C. § 
102(e) as being anticipated by U.S. Patent No. 6,175,922 Bl to Wang (hereinafter, 
Wang). The Examiner has rejected claims 21-22 and 26-27 under 35 U.S.C. § 103(a) as 
being obvious over Wang in view of U.S. Patent No. 6,256,664 to Donoho et al 
(hereinafter, Donoho). The Examiner has also rejected claims 2, 8, 9, and 17 under 35 
U.S.C. § 103(a) as being obvious over Wang in view of U.S. Patent No. 6,269,336 Bl to 
Ladd et al (hereinafter, Ladd). Finally, the Examiner has rejected claims 1-6, 21, and 31- 
32 under 35 U.S.C. § 1 12, first paragraph. 

As an initial matter, the Applicant was under the impression that novelty over Wang had 
already been demonstrated respecting at least claims 1, 3-7, 10-16, and 18-20. The 
Examiner initially rejected those claims under 35 U.S.C. § 102(e) in an Office Action 
dated 7/3/2002. The Applicant amended independent claims 1, 7 and 16 in a Response 
dated 9/6/2002, and the Examiner did not re-assert the novelty rejection in the subsequent 
Office Action dated 1 1/8/2002. The latest Office Action re-instated the 102 (e) rejection 
as to the same previously-cited reference. Changing of Examiners during prosecution 
should not work to penalize an applicant. The Applicant still believes that the claim 
amendments made in the Response dated 9/6/2002 patently distinguish over Wang. Due 
to pragmatic concerns not related to the issue of patentability, the Applicant chooses to 
amend the independent claims in order to move this application toward issue without 
conceding lack of novelty for the claims as previously submitted. 

In paragraph 8 of the Office Action dated 3/6/2003, the Examiner rejected claims 2, 8, 9, 
and 17 under Wang in view of Ladd. The Examiner characterized Wang as teaching a 
PIN entered at an ATM that is then compared to a PIN stored at a remote site, but that 
Wang fails to provide a user entering a PIN into a mobile station. The Examiner 
characterized Ladd as teaching a PIN entered into a mobile station for user identification. 
Applicant agrees as to those respective teachings. However, Wang's teaching above is 
described as prior art, and Wang further teaches at col. 2, line 30-44 that entering a PIN 
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as in the prior art is a security shortfall to be overcome. One object of Wang, cited at col. 
2, lines 63-65, is to substantially overcome the risk of unauthorized procurement of a 
user's identification data. The difference between Wang and the prior art is explicitly 
stated at Wang, col. 5, line 30-39, (the prior art requires a user to enter identification data 
such as a PIN to authenticate himself, whereas Wang keeps identification data related to 
the user within the PEAD at all times). It is contended that Wang cannot be modified 
such that a user PIN number is entered at a mobile station without violating explicit 
teachings of the reference. 

Furthermore, Ladd is directed to interactive voice-activated web services. In Applicant's 
reading, each and every teaching of Ladd relating to entering a PIN or other personal 
authentication refers to entry via voice commands or audible tones. See Ladd, col. 4, 
lines 15-18; col. 6, lines 50-55; and col. 19, lines 55-59. Applicant presumes that spoken 
PINs are even more susceptible to unauthorized procurement than keyboard-entered PINs 
that Wang rejects. A skilled artisan looking to improve Wang therefore would not look 
to the teachings of Ladd, which reduces the security concerns that permeate Wang. There 
appears no motivation within the references to combine the two, and the above citations 
appear to show an explicit motivation not to do so. Applicant hereby requests the 
Examiner reconsider his combination of Wang and Ladd for personal authentication 
purposes in light of the above. 

Each of claims 2, 8, 9, and 17 concern entering personal authentication at a mobile 
station. Applicant has cancelled each of them and rewritten the relevant independent 
claims to include the respective dependent subject matter concerning entry of personal 
authentication. Applicant requests the Examiner reconsider his combination of Wang 
with Ladd and withdraw his rejections based thereon that would otherwise be imputed to 
claims 1, 7, 9 and 16, as amended herein. 

The Examiner has rejected claims 1, 3-7, 10-16, and 18-20 (among others) as not novel 
over Wang. Applicant respectfully requests the Examiner withdraw his novelty rejection 
to claims 3-6, 10-15, and 18-20 in light of their dependence from claims 1, 7, 9 or 16 as 
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amended herein. Applicant further requests that the Examiner withdraw the obviousness 
rejection to claim 21 based on its dependence from herein-amended claim 1. 

The Examiner has rejected claims 21-22 and 26-27 as obvious over the combination of 
Wang with U.S. Patent No. 6,256,664 Bl to Donoho et al (hereinafter, Donoho). As 
detailed above in the discussion of the combination of Wang with Ladd, Wang teaches 
away from prompting a user to enter personal authentication information using one of a 
computer user interface or a mobile station user interface as recited in claim 22. Donoho 
does not include such teaching, and the Examiner does not so allege. 

Additionally, claim 22 recites that the received challenge is detected based on message 
parsing that comprises MIME field recognition. While Donoho does teach parsing of 
messages using MIME, the approach of Wang appears to counsel against using MIME 
for security purposes. In each embodiment described in the Summary of Invention of 
Wang, col. 3, the requesting device receives from the server a transaction program which 
includes an executable portion (EP) that communicates with the PEAD. Claim 22 does 
not require downloading code from a server; the specification describes a plug-in or 
application already resident on the computer. In that instance, only messages are 
transmitted between the mobile station, computer, and site to satisfy claim 22, not code as 
required by Wang. Wang's failure to describe how PEAD messages are detected also 
seems to infer a proprietary communication channel. For security purposes, a proprietary 
channel is preferable to publicly known methods such as MIME, so Wang's lack of 
disclosure concerning message recognition seems to teach away from employing a 
knwon message recognition protocol such as MIME. 

For at least the above reasons, the Applicant respectfully requests the Examiner withdraw 
his obviousness rejection to claim 22 and pass it to issue. Claims 26-27 depend from 
claim 23, and are also deemed to be patentable for the reason, argued below, with respect 
to claim 23. 
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In addition to certain claims recited above, the Examiner has rejected claims 23-25 and 
28-32 as lacking novelty over Wang. The Applicant has herein amended claim 31 to 
incorporate the subject matter of claim 32. Claims 23, 30 and 31 are independent claims 
from which all remaining claims grouped immediately above depend. Each of claims 23, 
30 and 31 recite (in similar but not identical language) a list of certificates, accessible by 
the mobile station, that are applicable to the request. Applicant is unaware of any 
teaching within Wang that contemplates a list of certificates that are applicable to the 
transaction request and accessible by a mobile terminal. It appears that a PEAD as 
disclosed in Wang would not be operable with such a list, as Wang teaches that the only 
options available for a user of the PEAD is "accept" or "skip". Even if it were made to 
' be operable to select from a list of certificates, it appears Wang teaches away from such a 
modification by the security concerns described above that pervade the reference. As 
such, the Applicant respectfully requests the Examiner either more particularly point out 
the relevant teaching in Wang, or reconsider and withdraw the novelty rejection of claims 
23-3 1 as amended herein. 

Finally, the Examiner has rejected claims 1-6, 21, and 31-32 as not enabled under 35 
USC §112, first paragraph. The Examiner has graciously suggested inserting a step 
(sending a request from the mobile station to the computer) into the relevant independent 
claims to overcome this rejection. Applicant sincerely appreciates the suggestion but 
respectfully declines to adopt it. The Office Action does not appear to indicate that the 
specification is deficient, only that the claims leave out what the Examiner deems a 
critical step. 35 USC §112, first paragraph, recites that the specification must be 
enabling, not the claims alone. The specification includes both the claims and the written 
description (with drawings). The claims recite what the applicant regards as his 
invention, and in an issued patent they set forth the metes and bounds of legal rights. 
Applicant believes that there is no requirement that steps of a method claim be 
sufficiently enabling in and of themselves, but that they recite the patentably distinct 
aspects of the inventive method. 
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Respecting the Examiner's contention that it is a critical step, Applicant poses an 
example: a user ordering a book from a commerce-related site from his personal desktop 
computer at home. The user may access the site, select the book, and enter non- 
authorizing data such as shipping address, shipping mode, etc. directly at the desktop 
computer without using a mobile terminal. To consummate the order with submission of 
credit card data, the user may do so with his mobile terminal through a bluetooth 
connection with the computer, as a convenience over looking up and manually entering 
the information. The transaction was not initiated from the mobile terminal, but was 
consummated therefrom. Applicant asserts that the above example, wherein all other 
limitations of the relevant claims are met, is within the scope of the present invention. 
Applicant respectfully requests the Examiner withdraw his rejection under § 1 12, or more 
particularly point out where the specification is deficient in enabling one of ordinary skill 
to practice the invention. 

Applicant submits that the above detailed arguments successfully traverse each and every 
outstanding rejection. Applicant requests the Examiner withdraw all rejections to the 
remaining claims as herein amended and pass this application to issue without further 
delay. Applicant's undersigned attorney welcomes the opportunity to resolve any 
remaining issues via teleconference, at the contact numbers below, as the Examiner 
deems appropriate. 

Respectfully submitted: 



Reg. No.: 46,008 



Customer No.: 29683 
HARRINGTON & SMITH, LLP 
4 Research Drive 
Shelton,CT 06484-6212 





Gerald J. Stanton 



Date 
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VERSION WITH MARKINGS TO SHOW CHANGES 



1 . (Thrice Amended) A method for conducting electronic commerce, comprising steps 

/ 

operating a computer to contact a commerce-related site using a browser; 

automatically detecting a presence of a message received from the commerce- 
related site that requires, as a response, non-stored authentication information inputted by 
a user in response to the detected presence of the message; 

in response to automatically detecting the presence of the message, sending a 
message from the computer to4 mobile station over a bi-directional transmission link; 

in response \d receiving the message over the link, generating a user 

authentication message tMt is generated by prompting the user to enter a personal 

identification number (yIN) and comparing the entered PIN to a PIN stored in the mobile 

station non stor e d usc£ input at the mobil e station ; 

passing the/user authentication message from the mobile station to the computer 
over the bi-directional transmission link; and 

sending yuser authentication information from the computer to the commerce- 
related site using the browser. 
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7. (Twice Amended) A system for conducting communication with a site reachable 
through a data communications network, comprising: 

a mobile station comprising a user interface and a mobile station utilization 
application; and / 

a computer coupled to A data communications network and comprising a browser 
for contacting the site through the data communications network, the computer and 
browser operating to automatically detect a presence of a received message for the site 
that requires a response from the user, and further comprising an interface for sending a 
message from the computer to the mobile station over a bi-directional link in response to 
automatically detecting ithe presence of the message; 

said mobile staxion utilization application being responsive to the receipt of the 
message from the link for generating a user response message and for passing the user 
response message to/the computer over the link , said mobile station operating to prompt 
the user to enter a personal identification number (PIN) into the mobile station and to 
compare the entered PIN to a PIN stored in the mobile station ; and 

said computer being responsive to a receipt of said user response message for 
sending user response information to the site using said browser. 
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16. (Twice Amended) A method for conducting communication with a site reachable 
through a data communications network/comprising steps of: 

providing a mobile station having a user interface and an application; 

coupling a computer to a datWcommunications network, the computer having a 
browser for contacting the site through the data communications network; 

automatically detecting with the computer a presence of a received message from 
the site that requires a responseyfrom the user; 



in response to automatically detecting the presence of the received message, 
sending a message from the computer to the mobile station over a bi-directional link; 

responsive to the receipt of the message in the mobile station? and an input of a 
personal identification number (TIN) and a comparison of the inputted PIN to a PIN 
stored in the mobile station, generating a user response message and passing the user 
response message to the computer over the link; and 

responsive toA receipt of the user response message in the computer, sending user 
response information to the site using the browser. * 
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31. (Amended) A method fof conducting communication with a server, 
comprising: / 

coupling an access application running on a computer to the server through a data 
communications network; / 

automatically detecting a presence of a request that is received from the server, 
the request being one that reqwres an authentication of a user; 

in response to automatically detecting the presence of the request, sending a 
message from the computer lo a mobile station over a link; the message comprising an 
inquiry for a list of certificates that are application to the request, the certificates being 
accessible by the mobile station; 

presenting the list of applicable certificates to the user for selecting one of the 
presented certificates; / 

using the mobile station to communicate with a source of the selected certificate 
for completing the certificate which comprises a user authentication message; 

passing the/completed certificate over a link to the access application running on 
the computer; / 

in r e spons e to receiving th e m e ssag e over th e link, g e n e rating a us e r 
authentication m e ssag e in th e mobil e station; 

passing th e us e r auth e ntication m e ssage from th e mobile station to th e comput e r 
ov e r th e link; and 

responsive to a receipt of the completed certificate, sending user authentication 
information to the server using the access application. 
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